Bewertung: 0 / 5
This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells[…]
Read more...NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability.
Read more...NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.
Read more...Sabberworm PHP CSS parser suffers from a code injection vulnerability. Many versions are affected.
Read more...Ubuntu Security Notice 4375-1 - It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
Read more...Kuicms PHP EE version 2.0 suffers from a persistent cross site scripting vulnerability.
Read more...PHP-Fusion version 9.03.50 has been found susceptible to additional methods of persistent cross site scripting. Initial findings in this version were discovered by SunCSR.
Read more...PHP-Fusion version 9.03.50 suffers from a remote SQL injection vulnerability.
Read more...This Metasploit module exploits a command execution in Pi-Hole versions 4.4 and below. A new blocklist is added, and then an update is forced (gravity) to pull in the blocklist content. PHP content is then written to a file within[…]
Read more...This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request.[…]
Read more...Ubuntu Security Notice 4330-2 - USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive[…]
Read more...This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpoint_devicemap.php page. Successful exploitation allows for arbitrary command execution on the underlying operating system[…]
Read more...PHP-Fusion version 9.03.50 suffers from a persistent cross site scripting vulnerability.
Read more...Red Hat Security Advisory 2020-1624-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, information leakage, integer overflow, and out of bounds read vulnerabilities.
Read more...POS PHP version 17.5 suffers from a persistent cross site scripting vulnerability.
Read more...PHP-Fusion version 9.03.50 suffers from an arbitrary file upload vulnerability.
Read more...QRadar Community Edition version 7.3.1.6 suffers from a php object injection vulnerability.
Read more...This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root.
Read more...Ubuntu Security Notice 4330-1 - It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could[…]
Read more...This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module[…]
Read more...This Metasploit module exploits a vulnerability found in Pandora FMS 7.0NG and lower. net_tools.php in Pandora FMS 7.0NG allows remote attackers to execute arbitrary OS commands.
Read more...This Metasploit module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing a server-side template with a custom PHP template system called TPL which[…]
Read more...Pandora FMS version 7.0NG suffers from a net_tools.php remote code execution vulnerability.
Read more...Red Hat Security Advisory 2020-1112-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a cross site scripting vulnerability.
Read more...Gentoo Linux Security Advisory 202003-57 - Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. Versions less than 7.4.4 are affected.
Read more...
